Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by ewunia (administrator) on EWUNIA-KOMPUTER on 27-04-2014 21:02:31
Running from C:\Users\ewunia\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
() C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
(F-Secure Corporation) C:\Program Files\Bezpieczny Internet Premium\fshoster32.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(F-Secure Corporation) C:\Program Files\Bezpieczny Internet Premium\fshoster32.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
() C:\Users\ewunia\AppData\Roaming\regsrv64.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCU] => C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [F-Secure Hoster (4436020)] => C:\Program Files\Bezpieczny Internet Premium\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-08] (Microsoft Corporation)
HKU\S-1-5-21-743547813-428604125-3645034512-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-743547813-428604125-3645034512-1000\...\Run: [Microsoft DLL Registration] => C:\Users\ewunia\AppData\Roaming\regsrv64.exe [77824 2014-04-25] ()
Startup: C:\Users\ewunia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\{be62610d-322b-3431-dc31-96f6be62610d}.exe (Nero StartSmart Essentials)

==================== Internet (Whitelisted) ====================

URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKCU - DefaultScope {FC82149F-4F10-4250-85D6-7CB5BED7AE9C} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {B351006E-67A7-40b9-B73E-88CEA534797E} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
SearchScopes: HKCU - {FC82149F-4F10-4250-85D6-7CB5BED7AE9C} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: "https://www.google.pl/"
CHR Extension: (Dokumenty Google) - C:\Users\ewunia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-08]
CHR Extension: (Dysk Google) - C:\Users\ewunia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\ewunia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Szukaj w Google) - C:\Users\ewunia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (AdBlock) - C:\Users\ewunia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-29]
CHR Extension: (Google Wallet) - C:\Users\ewunia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\ewunia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]

========================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 fshoster; C:\Program Files\Bezpieczny Internet Premium\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R3 gdrv; C:\Windows\gdrv.sys [17488 2014-04-27] (Windows (R) 2000 DDK provider)
R3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [325376 2012-06-01] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-27 20:53 - 2014-04-27 21:02 - 00008771 _____ () C:\Users\ewunia\Downloads\FRST.txt
2014-04-27 20:53 - 2014-04-27 20:56 - 00020945 _____ () C:\Users\ewunia\Downloads\Addition.txt
2014-04-27 20:51 - 2014-04-27 21:02 - 00000000 ____D () C:\FRST
2014-04-27 20:49 - 2014-04-27 20:49 - 01049600 _____ (Farbar) C:\Users\ewunia\Downloads\FRST.exe
2014-04-27 16:45 - 2014-04-27 17:03 - 116119602 _____ () C:\Users\ewunia\Downloads\Mój film1.mp4
2014-04-26 14:13 - 2014-04-26 14:13 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\00056B6F.exe
2014-04-26 12:54 - 2014-04-26 12:54 - 00315392 _____ () C:\Users\ewunia\AppData\Roaming\00059D28.exe
2014-04-26 12:54 - 2014-04-26 12:54 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\000549CB.exe
2014-04-26 11:32 - 2014-04-26 11:32 - 00099548 _____ () C:\Users\ewunia\Downloads\OTL.Txt
2014-04-26 11:32 - 2014-04-26 11:32 - 00004251 _____ () C:\Users\ewunia\Downloads\gmer.txt
2014-04-26 11:18 - 2014-04-26 11:23 - 00000000 ____D () C:\Users\ewunia\Desktop\fgfgff
2014-04-26 11:08 - 2014-04-26 11:08 - 00315392 _____ () C:\Users\ewunia\AppData\Roaming\000521F1.exe
2014-04-26 11:08 - 2014-04-26 11:08 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\00050157.exe
2014-04-26 08:37 - 2014-04-26 08:37 - 00315392 _____ () C:\Users\ewunia\AppData\Roaming\0004F91D.exe
2014-04-26 08:37 - 2014-04-26 08:37 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\0004EF9B.exe
2014-04-25 18:05 - 2014-04-25 18:05 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\0004FA64.exe

==================== One Month Modified Files and Folders =======

2014-04-27 21:02 - 2014-04-27 20:53 - 00008771 _____ () C:\Users\ewunia\Downloads\FRST.txt
2014-04-27 21:02 - 2014-04-27 20:51 - 00000000 ____D () C:\FRST
2014-04-27 20:56 - 2014-04-27 20:53 - 00020945 _____ () C:\Users\ewunia\Downloads\Addition.txt
2014-04-27 20:49 - 2014-04-27 20:49 - 01049600 _____ (Farbar) C:\Users\ewunia\Downloads\FRST.exe
2014-04-27 20:46 - 2014-01-08 18:50 - 01549696 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-27 20:46 - 2009-07-14 10:07 - 00697674 _____ () C:\Windows\system32\perfh015.dat
2014-04-27 20:46 - 2009-07-14 10:07 - 00134784 _____ () C:\Windows\system32\perfc015.dat
2014-04-27 20:44 - 2014-01-08 18:38 - 01824781 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 20:41 - 2014-01-08 20:43 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 20:41 - 2014-01-08 19:39 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-04-27 20:41 - 2014-01-08 19:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-27 20:41 - 2014-01-08 18:41 - 00000145 _____ () C:\service.log
2014-04-27 20:41 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 20:41 - 2009-07-14 06:39 - 00051398 _____ () C:\Windows\setupact.log
2014-04-27 19:13 - 2009-07-14 06:34 - 00026976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 19:13 - 2009-07-14 06:34 - 00026976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 19:09 - 2014-01-08 20:43 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 17:03 - 2014-04-27 16:45 - 116119602 _____ () C:\Users\ewunia\Downloads\Mój film1.mp4
2014-04-26 14:13 - 2014-04-26 14:13 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\00056B6F.exe
2014-04-26 12:54 - 2014-04-26 12:54 - 00315392 _____ () C:\Users\ewunia\AppData\Roaming\00059D28.exe
2014-04-26 12:54 - 2014-04-26 12:54 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\000549CB.exe
2014-04-26 11:32 - 2014-04-26 11:32 - 00099548 _____ () C:\Users\ewunia\Downloads\OTL.Txt
2014-04-26 11:32 - 2014-04-26 11:32 - 00004251 _____ () C:\Users\ewunia\Downloads\gmer.txt
2014-04-26 11:23 - 2014-04-26 11:18 - 00000000 ____D () C:\Users\ewunia\Desktop\fgfgff
2014-04-26 11:08 - 2014-04-26 11:08 - 00315392 _____ () C:\Users\ewunia\AppData\Roaming\000521F1.exe
2014-04-26 11:08 - 2014-04-26 11:08 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\00050157.exe
2014-04-26 08:37 - 2014-04-26 08:37 - 00315392 _____ () C:\Users\ewunia\AppData\Roaming\0004F91D.exe
2014-04-26 08:37 - 2014-04-26 08:37 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\0004EF9B.exe
2014-04-25 18:05 - 2014-04-25 18:05 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\0004FA64.exe
2014-04-25 18:05 - 2014-03-25 21:58 - 00077824 _____ () C:\Users\ewunia\AppData\Roaming\regsrv64.exe
2014-04-20 13:54 - 2014-01-29 11:02 - 00000000 ____D () C:\Users\ewunia\Downloads\Nowy folder
2014-04-17 08:07 - 2014-01-20 20:37 - 00000000 ____D () C:\Users\ewunia\Desktop\ania
2014-04-14 12:14 - 2014-01-08 20:48 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\ewunia\AppData\Local\Temp\libcurl-4.dll
C:\Users\ewunia\AppData\Local\Temp\minerd.exe
C:\Users\ewunia\AppData\Local\Temp\pthreadGC2.dll
C:\Users\ewunia\AppData\Local\Temp\_is1AC0.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-01-08 21:22] - [2010-11-20 14:17] - 0285696 ____A (Microsoft Corporation) 1562571D6B1541098E677C3BB78709A0
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2014-01-08 21:22] - [2010-11-20 14:21] - 0811520 ____A (Microsoft Corporation) BE8C64439F1E2AF088063218C16EB9FE
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-09 15:29

==================== End Of Log ============================